Friday, March 29, 2024

Hackers Exploit FortiOS Vulnerabilities to Access Government and Technology Services Networks

Recently, in March, the news got spread all over the internet that hackers are currently exploiting three known Fortinet FortiOS vulnerabilities.

The case was initially detected by the FBI and CISA; and they affirmed that the main motive of the threat actors is to gain access to government, commercial, and technology services networks.

However, the government experts have noticed that the state-sponsored threat actors are continuously scanning the internet so that they can find all possible servers that are vulnerable.

After a joint investigation, the FBI and CISA both observed that the threat actors were investigating systems on ports 4443, 8443, and 10443. And not only this, but the hackers are continuously scanning the specified devices for the CVE-2020-12812 and CVE-2019-5591 flaws.

Summary and Technical details

According to the joint report, the APT threat actors have a long back history; that’s why, they have been exploiting all critical vulnerabilities so that they can easily conduct all their required operation.

The attacks that are being conducted by the APT hackers have distributed denial-of-service (DDoS) attacks, Structured query language(SQL) injection attacks, spearphishing campaigns, ransomware attacks, disinformation campaign, and website defacements.

After the examination, the FBI and CISA asserted that the APT threat actors are exploiting these Fortinet FortiOS vulnerabilities that we have mentioned below:-

Moreover, the threat actors were using different CVEs and some common technical methods so that they can obtain access to all the critical infrastructure networks to pre-position the attacks.

Flaws were used to hack the US election support systems

The APT threat actors have published a complete list of exploits in November 2020, and all these exploits could be abused by hackers or any threat actors to steal the credentials of VPN from 50000 vulnerable servers.

Due to these critical reasons, earlier Microsoft in September 2020 has already urged about the APT actors from major countries like China, Iran, and Russia are targeting the 2020 US elections.

Mitigations

  • Perform network segmentation.
  • Always use multi-factor authentication where possible.
  • Require administrator credentials to fit the software.
  • Every audit user accounts with executive privileges and configures access checks with the least privilege in mind. 
  • Perform a recovery plan to reinstate all the sensitive or proprietary data from a physically separate, segmented, secure location.
  • Always remember to install and regularly update security tools and software on all hosts.
  • Don’t forget to add an email banner to emails obtained from outside your organization.
  • Remember to disable hyperlinks in received emails.
  • Focus on awareness and training, to recognize and evade such attacks and phishing emails.

The FBI and CISA have worked many times to disclose the APT threat actors and many other attacks. That’s why now they have published a joint security advisory on attacks exploiting vulnerabilities in Fortinet systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles